Skip to content

Phone Numbers and Instagram Profiles Being Sold on Telegram

Bottom line: The traded dataset is likely a combolist compiled from older password breaches, which attackers can use via credential stuffing and targeted phishing to access Instagram accounts.

A dataset linking phone numbers to Instagram profiles is being offered for sale via the Telegram channel of actor S-Root. Security analysts classify this as a repackaging of older data breaches, not as a new breach of Meta systems.

A dataset being promoted in the Telegram channel of S-Root links Instagram users’ phone numbers with their corresponding profiles and is being offered for sale. The timing coincides with Meta’s announcement that approximately 20,000 Instagram accounts were compromised due to a vulnerability in the AI-powered account recovery tool High Touch Support. However, analysts from Cybernews caution: the current dataset does not necessarily indicate a new successful breach of Meta databases.

Security forensics experts believe this is a so-called combolist – a newly repackaged combination of older data breaches. Such lists typically consist of unencrypted text files combining usernames, email addresses, and passwords, often sourced from malware logs that extract login credentials directly from web browsers. Cybernews analysts describe the structure as follows: “This looks more like a combolist targeting Instagram. Essentially, old leaked data was adapted to identify Instagram profiles or brute-force attack them.”

Two attack vectors are relevant for CISOs: criminals use combolists in credential-stuffing attacks – automated assaults in which specialized tools like OpenBullet, Sentry MBA, or Snipr test thousands of combinations per minute against login interfaces. With a success rate of just one percent, large lists can yield thousands of compromised accounts; verified credentials are subsequently resold on the dark web for as little as two US dollars. Second, the linking of phone numbers to profiles enables targeted phishing campaigns: attackers can craft personalized messages to specifically target public figures or cross-reference historical password patterns to take over accounts without multi-factor authentication enabled.


Source: www.it-daily.net · Published June 9, 2026
Lumi AI News — AI-assisted curation per Art. 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.6.5.

Share on: